Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 74 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Internet Explorer is a web browser developed by Microsoft that is included in Microsoft Windows operating systems.
Microsoft has released KB5043049 for Internet Explorer 11 and 9.
Affected Versions:
Internet Explorer 11 on Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2012.
Internet Explorer 11 on Windows Server 2008.
Detection Logic: The check verifies the file version of "mshtml.dll".
Successful exploitation could compromise confidentiality, integrity and availability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5043049
This security update contains the following KBs:
QID Detection Logic (Authenticated):
Operating System: Windows
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38018
CVE-2024-38227
CVE-2024-38228
CVE-2024-43464
CVE-2024-43466
This security update contains the following:
KB5002566
KB5002605
KB5002601
KB5002634
and Office Click-2-Run and Office 365 Release Notes and
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Microsoft Office install path from the Windows Registry, then checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable versions of affected Office Applications.
Note: Office Click-2-Run and Office 365 installations must be updated manually or be set to update automatically; there is no direct download for the patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38226
CVE-2024-38250
CVE-2024-43463
CVE-2024-43465
An authenticated attacker with Azure CycleCloud instance command execution capabilities might send a specially crafted request to return storage account credentials and runtime data.
Affected Software:
Azure CycleCloud from 8.0.0 prior to 8.0.3
Azure CycleCloud from 8.1.0 prior to 8.1.2
Azure CycleCloud from 8.2.0 prior to 8.2.3
Azure CycleCloud 8.3.0
Azure CycleCloud from 8.4.0 prior to 8.4.3
Azure CycleCloud 8.5.0
Azure CycleCloud from 8.6.0 prior to 8.6.4
QID Detection Logic (Authenticated):
On Linux, this authenticated QID flags vulnerable versions of Azure CycleCloud.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43469
Affected Software:
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2019 for x64-based Systems (CU 28)
Microsoft SQL Server 2022 for x64-based Systems (CU 14)
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
QID Detection Logic (Authenticated):
On Windows, this QID checks for vulnerable versions of SQL Server via the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft SQL Server and HKEY_LOCAL_MACHINE\WOW6432Node\SOFTWARE\Microsoft SQL Server and their SQL Server-related subkeys.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-26186
CVE-2024-26191
CVE-2024-37335
CVE-2024-37337
CVE-2024-37338
CVE-2024-37339
CVE-2024-37340
CVE-2024-37341
CVE-2024-37342
CVE-2024-37965
CVE-2024-37966
CVE-2024-37980
CVE-2024-43474
Affected Software:
Microsoft AutoUpdate Version prior to 4.72
QID Detection Logic (Authenticated):
The authenticated check looks for installed Mac packages.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43492
CVE-2024-38225: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability.
Affected Software:
Microsoft Dynamics 365 Business Central 2024 Release Wave 1 - Update
Microsoft Dynamics 365 Business Central 2023 Release Wave 2 - Update
Microsoft Dynamics 365 Business Central 2023 Release Wave 1 - Update
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-38225
KB5043050
KB5042881
KB5042880
KB5043067
KB5043064
KB5043076
KB5043080
KB5043083
KB5043051
KB5043055
KB5043138
KB5043135
KB5043087
KB5043129
KB5043092
KB5043125
KB5043049
KB5040442
KB5040438
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5040438
KB5040442
KB5042880
KB5042881
KB5043049
KB5043050
KB5043051
KB5043055
KB5043064
KB5043067
KB5043076
KB5043080
KB5043083
KB5043087
KB5043092
KB5043125
KB5043129
KB5043135
KB5043138
Affected Software:
Microsoft Dynamics CRM (on-premises) version 9.1
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43476
Power Automate lets you automate web and desktop applications on your Windows desktop by mimicking user interface actions such as clicks and keyboard input.
Power Automate for Desktop Affected Versions:
Versions starting from 2.41 up to but not including 2.41.178.24249.
Versions starting from 2.42 up to but not including 2.42.331.24249.
Versions starting from 2.43 up to but not including 2.43.249.24249.
Versions starting from 2.44 up to but not including 2.44.55.24249.
Versions starting from 2.45 up to but not including 2.45.404.24249.
Versions starting from 2.46 up to but not including 2.46.181.24249.
Versions starting from 2.47 up to but not including 2.47.119.24249.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43479
Affected products:
KB5043083
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2024-43491
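The authenticated file-version checks described above (mshtml.dll, graph.exe located through the Office install path in the registry, and ntoskrnl.exe) can be reproduced locally with the PowerShell below. This is an added example, not Qualys detection code: the fixed-version thresholds are placeholders to be replaced with the values from the relevant Microsoft KB, and the two Office registry keys used to locate graph.exe are assumed rather than taken from this page.

```powershell
# Added example (not Qualys code): reproduce the "compare installed file
# version against the fixed version" logic used by the QIDs on this page.
# All $FixedVersion values below are PLACEHOLDERS; take the real ones from
# the Microsoft KB / Security Update Guide for the build you are auditing.

function Get-OfficeInstallPath {
    # Assumption: Click-to-Run publishes InstallPath under ...\Office\ClickToRun
    # and MSI-based Office 2016+ publishes InstallRoot\Path. Neither key is
    # named on the page; both are assumptions of this example.
    $c2r = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun' -ErrorAction SilentlyContinue
    if ($c2r -and $c2r.InstallPath) { return (Join-Path $c2r.InstallPath 'root\Office16') }
    $msi = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot' -ErrorAction SilentlyContinue
    if ($msi -and $msi.Path) { return $msi.Path }
    return $null
}

function Test-FileVulnerable {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][version]$FixedVersion
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        # Absent binary: the component is not installed, so it is not flagged.
        return [pscustomobject]@{ File = $Path; Installed = $null; Fixed = $FixedVersion; Vulnerable = $false; Note = 'not present' }
    }
    # FileVersionRaw is already a [version]; the FileVersion string on some
    # Microsoft binaries carries trailing text and would break string parsing.
    $installed = (Get-Item -LiteralPath $Path).VersionInfo.FileVersionRaw
    [pscustomobject]@{
        File       = $Path
        Installed  = $installed
        Fixed      = $FixedVersion
        Vulnerable = ($installed -lt $FixedVersion)   # numeric, field-by-field comparison
        Note       = ''
    }
}

$sys32  = Join-Path $env:SystemRoot 'System32'
$checks = @(
    @{ Path = (Join-Path $sys32 'mshtml.dll');   Fixed = '11.0.9600.99999' }  # placeholder threshold
    @{ Path = (Join-Path $sys32 'ntoskrnl.exe'); Fixed = '10.0.99999.0' }     # placeholder threshold
)
$office = Get-OfficeInstallPath
if ($office) { $checks += @{ Path = (Join-Path $office 'graph.exe'); Fixed = '16.0.99999.0' } }  # placeholder

$checks | ForEach-Object { Test-FileVulnerable -Path $_.Path -FixedVersion $_.Fixed } |
    Format-Table File, Installed, Fixed, Vulnerable, Note -AutoSize
```

Run it in an elevated PowerShell session on the host being audited; a row with Vulnerable = True means the installed binary is older than the threshold you supplied.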
These new vulnerability checks are included in Qualys vulnerability signature 2.6.137-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance posture, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.